NSA's XKeyscore tool sees 'nearly everything' you do on the internet

And lets agents search it!

New documents provided by Prism whistle-blowing fugitive Edward Snowden detail another of the NSA's tools to keep tabs on what people do online.

The database program is called XKeyscore, and is said to be the agency's "widest reaching" system.

Leaked top secret documents claim that it tracks and allows agents to search through the emails, online chats, website visits, searches conducted and all the associated metadata (the whens and hows) of millions of internet users.

The training presentation seen by the Guardian explains that this allows for "real time" interception of a person's web activity - and to target a single person, all the NSA needs is a phone number or email address.

Target practice

Once it has that, it can search through related content by name, phone number, IP address, keywords, language or browser. This added flexibility is needed because "[searching by email address alone] gives us only a very limited capability" . Poor lambs, why's that? Because "a large amount of time spent on the web is performing actions that are anonymous".

The email addresses and phone numbers used and searched for by XKeyscore can be skimmed from people's address books or received emails' signatures, not necessarily just those of the people the NSA is actively monitoring.

What's more, XKeyscore doesn't just track the fact that emails have been sent and received - it also allows agents to search and read email body text and the to, from, CC and BCC lines.

Because of the vast amounts of data being assembled by the database, actual content that XKeyscore collects is stored for three to five days while metadata is stored for 30.

"At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours," the slides explain.

Don't worry though, the agents have to put in a "justification" for every search query. Some of these justifications are available as drop down menus.

Typical users

The documents claim that 300 "terrorists" have been caught using data extracted from XKeyscore.

However, on the slide detailing why NSA would be "interested in HTTP" it is explained that this is "because nearly everything a typical user does on the Internet uses HTTP". A typical user? Hey, that's you! And me! And everyone you know!

Perhaps today's jaded cynical web citizens are not too surprised that the NSA has this ability - but it's the legality of how it's being used that could be the main worry.

Just as with Prism, the NSA needs a warrant to delve into a US citizen's web activity but foreign targets are fair game - and if a foreign target is in contact with, or has a US citizen in its address book or contacts list, then the NSA will know about it.

Snowden has also alleged that agents' use of the both Prism and XKeyscore largely goes unchecked.

In a statement to the Guardian, the NSA said: "NSA's activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.

"XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system. Allegations of widespread, unchecked analyst access to NSA collection data are simply not true.

"Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

"Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

"These types of programs allow us to collect the information that enables us to perform our missions successfully – to defend the nation and to protect US and allied troops abroad."